1. Technical Field
The invention relates to so-called “smart cards” used in digital computer communication and networks, and more particularly, to digital certificate surrogates that do not require users to leave their smart cards in a reader for the duration of the secure communication.
2. Description of the Prior Art
Personal computers (PCs) are no longer used exclusively at the office. Home and recreational PC use has increased dramatically. Internet access now allows users to connect to the World Wide Web, newsgroups, and e-mail. Home users and businesses are also finding online shopping, or e-commerce, appealing because of the convenience, simplicity, and robustness. This widespread availability and acceptance of computers has dramatically increased the number of people with the ability to compromise data.
As prices continue to drop, and people become more comfortable with technology, the reliance on computer-based resources will continue to increase. As this dependence develops, security exposures may lead to disastrous results with possible financial and legal ramifications. At a minimum, a security breach will result in lost time and decreased productivity while a “clean up” effort occurs. More than likely however, the results will be much worse. Financial losses as well as non-monetary effects could occur.
Businesses today demand accurate and secure handling of electronic information. The National Security Agency's FORTEZZA program addresses this demand by providing the technology to enable value-added security services for unclassified but sensitive information. FORTEZZA technology provides data integrity, originator authentication, non-repudiation (undeniable proof of one's identity), and confidentiality (data privacy). FORTEZZA personalizes security through an individualized cryptographic device, a PC Card called the FORTEZZA Crypto Card.
The Crypto Card includes the user's unique cryptographic key material and related information, and executes the cryptologic algorithms. A sophisticated infrastructure has been designed to generate, distribute, and control the cryptographic keys, control the integrity of the data on the Card, and disseminate required cryptographic and system information. FORTEZZA interfaces and specifications are designed with an “open system” philosophy. This permits seamless integration of the FORTEZZA technology into most data communication hardware platforms, operating systems, software application packages, and computer network configurations and protocols.
The increasing availability and use of electronic data presents new problems for individuals and businesses. The parties involved in the exchange of information can no longer use a person's voice, handwriting, or face to recognize the other party. However, the recipient must still have confidence in the integrity of the information and the identity of its originator. Developers of electronic messaging and data handling products must provide security services so parties can have confidence in the information.
Accurate and secure data must have four security attributes: data integrity, user authentication, user non-repudiation, and data confidentiality. Data integrity means the data has been processed by both the originator and the recipient, e.g., through a “hash” function. In a typical “hash” function, the data in the message is read through a mathematical algorithm which uses every bit in the message to form a uniformly sized string of bits unique to that message. Any change in the message, even a single bit, will cause the recipient's hash value to differ from the sender's hash value. Hash value integrity requires a method to secure the value and verify the originator of the hash function. This requires the message to have the user authentication attribute. User Authentication assures the recipient of the originators identity by cryptographically processing the data with an algorithm which incorporates parameters unique to the originator. The mechanism to perform this check must assure that the data could only be sent from the declared author. The algorithm must produce a result that is easy to verify yet difficult to forge. Authenticating the originator of a message can be performed by the hash and digital signature functions. Non-repudiation is a condition whereby the author of the data cannot repudiate the validity of the result used to authenticate the identity of that user. The technique used to identify the author must be strong enough so the authenticity of the message originator can be proven to a third party. Non-repudiation can be realized by using digital signatures, for example.
Confidentiality provides data privacy by encrypting and decrypting data, whereby only the intended recipient can read a message. Encrypted data renders the sensitive data, non-sensitive. Thus, encrypted data needs less physical data protection. To provide confidentiality, a technique must be established to provide a unique “key” for encryption of the data and the capability to transmit the key and other necessary information to the recipient to decrypt the data. The key provides a variable for each encryption session. This means that multiple encryption of the same plaintext will result in different cipher (encrypted) text. Some algorithms also require an Initialization Vector (IV), for added variability.
The National Security Agency (NSA) developed the FORTEZZA program for the Department of Defense (DoD) in response to the growing need for economical and secure electronic messaging. The DoD is incorporating the FORTEZZA technology into its Defense Message System (DMS) to secure its unclassified but sensitive information. The FORTEZZA technology satisfies the DMS security architecture with a user friendly, inexpensive, cryptographic mechanism that provides writer to reader message confidentiality, integrity, authentication, non-repudiation, and access control to messages, components, and systems. While the DMS exposed the DoD to the need for the FORTEZZA technology, the same security requirements are valid today for civilian agencies, commercial businesses, and private citizens.
Microsoft announced at the Cartes '98 conference in Paris a standards-based platform that provides secure storage for security, loyalty and ePurse solutions in the Microsoft WINDOWS operating system. Smart Cards for Windows makes Windows-based development and run-time environments available to the smart card industry. Microsoft was joined at the announcement at the Cartes '98 conference in Paris by Schlumberger Electronic Transactions and Gemplus Associates International, and by pilot customers Merrill Lynch Company Inc. and Cable & Wireless. This enables card issuers and designers to employ their existing expertise in Windows to develop and deploy a broader range of smart card usage and applications than with other smart card systems. Typical solutions enabled by smart cards are secure network authentication, secure corporate transactions, online banking, debit, credit, electronic cash and customer loyalty programs.
A common, and all too human, problem with smart cards is that they are left in card readers. The problem even extends to automated teller machines (ATMs), where bank customers forget to take their cards. Some ATMs now avoid this problem by allowing the bank customer to hold his ATM card throughout the transaction, requiring only that the card be “swiped” through a card reader.